Organizations are more challenged than ever when it comes to protecting networks from cyber threats. Infoblox’s Allen McNaughton explains why visibility is a foundational part of a â€œdefense in-depthâ€ strategy, and how organizations can leverage visibility to strengthen network security.
Bad actors are constantly coming up with ways to evade defensive techniques put in place by government agencies, educational institutions, healthcare providers, companies, and other organizations.Â
To keep up, network security needs what’s known as â€œdefense in-depthâ€: a strategy that leverages different security solutions to provide robust and comprehensive security against unauthorized intruders.Â
Think about securing your house: locks on your doors can protect only your doors. But if you have locks on your doors and windows, a high fence, security cameras, an alarm system and two highly trained guard dogs, you have what we call â€œdefense in depth.â€ The same goes for networks. And when it comes to building a defense-in-depth strategy for your network, the first and most important feature is visibility â€”knowing what is on your network.
Why Visibility? Because You Can’t Protect What You Can’t SeeÂ
It’s obvious when you think about it: if you can’t see it, you can’t protect it.
Without understanding the devices, hardware, software, and traffic that are running on a network, security professionals are working with one hand tied behind their back, forced to react to threats as they arise from unknown vectors instead of being able to pre-emptively manage and control the threat surface as a whole.
Indeed, without this kind of visibility, we have no idea how large the attack surface even is. Every device that we can’t see is a security threat â€” whether intentional (a malicious actor) or not (an unpatched device) â€” and defense in-depth becomes impossible.Â
The â€œEyeâ€ in DDI
With visibility, we typically talk about being able to understand the end devices that connect to a network â€” computers, smartphones, IoT devices, and the like.Â
To get this kind of visibility, we can use IP Address Management (IPAM) â€” which together with DNS and DHCP is one of the core network services that make up DDIOpens a new window â€” to get a comprehensive picture of who is connected to the network.
Technically speaking, IPAM is a database of the allocated IP addresses across a network which, over time, lets you see who had what IP address and when â€” a critical part of defense in-depth.
This information gives us the ability to hunt down alerts and quickly figure out which device is generating malicious traffic, allowing us to rapidly resolve the threat.Â
Understanding the Attack Surface
Knowing what devices are connected to your network is only part of the visibility story. The other side is knowing what devices make up your network â€” the switches, routers, access points, and other physical hardware that enable devices to connect and share information with one another. This threat vector is often forgotten or overlooked simply because these devices are often put into the network, set up, and forgotten. They don’t need much attention because they just need to work.
But understanding them is extremely important to a defense-in-depth strategy. The networking team needs to be able to install, configure, update, and secure these devices obviously, but the security team also needs to be aware of what is out there and how it is protected.
And as new vulnerabilities come out, the teams need to ensure that the devices are updated in a coordinated manner so that the network remains up and available to the end-users. Of course, there should also be a programmatic way that the teams can understand if a vulnerability (PSIRTOpens a new window , CVEOpens a new window , etc.) will affect the networking gear that is running the network.
A Network Configuration and Control Management tool (NCCM), can give teams this kind of visibility, enabling them to maintain and configure the information associated with a network’s components, and help network professionals control, manage, and secure these network devices.
Just as the ability to manage and secure known network devices is important to defense in-depth, so too is knowing if an unauthorized or simply an unknown device is connected to the network. What is that device? Should it be on the network? If it is supposed to be, is the version of code up to your corporate standards? If it isn’t supposed to be on the network, where is that device located?Â Â
Being able to answer these questions gives teams full visibility into the devices on a network as well as their security posture. It is also critical that this NCCM be a multi-vendor solution, to deal with the heterogeneous nature of today’s networks. Often routers and switches can almost be seen as a commodity, but they can still represent an entrance for bad actors to access your network.
Putting It All Together: Leveraging Visibility for Security
So that’s what visibility is, but so what? How can it help defend in-depth?
For starters, it makes your security team more efficient. Once you have an overall picture of your network, your security ops team is better equipped to protect your network and its users.Â
Visibility enables them to quickly and efficiently identify vulnerabilities to be patched and the devices to be updated.
With visibility, they can quickly and automatically identify and isolate devices that access malicious sites, and understand where those devices have been.Â Â
And visibility gives them the ability to quickly identify and investigate security incidents with an authoritative database of information on the affected devices. For example, with a robust IPAM solution, teams can automatically identify rogue or unauthorized devices and isolate them from the network â€” shutting down unauthorized and unprotected vectors into your network without increasing administrative hassle. A strong NCCM solution can also help identify weak spots in your network architecture, eliminating blind spots that can impede the effectiveness and efficiency of your security and network solutions.
As the starting point for a whole manner of security processes and protocols that are critical to building defense-in-depth, visibility can help keep your network, data, and users safe.Â
The only question left is: What’s on your network?